Windows 2012 SSTP The revocation function was unable to check revocation because the revocation server was offline


In order to get rid of "Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline" you have to install base/delta CRLs on the client you want to connect to the VPN server…

However, it would seem that I have to frequently install the CRLs from my Certificate Authority server on my clients (every couple of days, not just once) – a task which is rather cumbersome. Is there a way to automate the CRL download/addstore or actually fix this issue (without disabling CRL check)?

Best Answer

Yeah, you don't put the CRLs on the client, you put them in the CDP that is defined in the certificate.

I suppose it's possible that you wrote a CDP into the cert that was file://c:/local/path/whoops, in which case that's not really what you wanted. You want a publicly-accessible URL, so read up on the docs for your CA and re-issue the certs with a better CDP.
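
As an added example (not part of the answer above or of the asker's setup): a PowerShell script to run on a VPN client that lists the CDP and delta-CRL URLs embedded in the exported server certificate and tests whether each one can be fetched from that machine. The path `.\vpn-server.cer` is a placeholder, and the parsing assumes the formatted extension text lists each location as `URL=...`.

```powershell
# Added example: list the CRL URLs embedded in a certificate and test each one
# from this client. $CertPath is a placeholder for the exported VPN server cert.
param([string]$CertPath = '.\vpn-server.cer')

$full = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

# 2.5.29.31 = CRL Distribution Points (base CRL), 2.5.29.46 = Freshest CRL (delta CRL)
$oids = @{ '2.5.29.31' = 'CDP'; '2.5.29.46' = 'FreshestCRL' }

$results = foreach ($ext in $cert.Extensions) {
    if (-not $oids.ContainsKey($ext.Oid.Value)) { continue }
    # Format($true) returns the multi-line text shown in the certificate dialog;
    # assumption: each location appears in it as "URL=<location>".
    $text = $ext.Format($true)
    foreach ($m in [regex]::Matches($text, 'URL=(\S+)')) {
        $url = $m.Groups[1].Value
        $scheme = ($url -split ':', 2)[0].ToLowerInvariant()
        $status = switch ($scheme) {
            { $_ -in 'http', 'https' } {
                try {
                    $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
                    "OK (HTTP $($r.StatusCode), $($r.RawContentLength) bytes)"
                } catch {
                    "FAILED: $($_.Exception.Message)"
                }
            }
            'file'  { 'local or UNC path: only works where that path exists' }
            'ldap'  { 'LDAP: needs a directory server reachable before the VPN is up' }
            default { 'unrecognised scheme' }
        }
        [pscustomobject]@{ Extension = $oids[$ext.Oid.Value]; Url = $url; Result = $status }
    }
}

if (-not $results) { Write-Warning 'No CDP or Freshest CRL extension found in this certificate.' }
$results | Format-Table -AutoSize -Wrap

# Windows' own check: retrieves the certificate's CDP/AIA URLs and reports
# the revocation status it arrives at.
certutil -verify -urlfetch $full
```

Run it while the VPN is disconnected, since that is the network position the client is in when it validates the SSTP server certificate.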